Date: Thu, 26 Mar 2009 20:07:59 +0300
From: Eric Magutu <emagutu@gmail.com>
To: "Michael K. Smith - Adhost" <mksmith@adhost.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: first firewall with pf
Message-ID: <e9cb8190903261007r701b68e9y76166139ace38d7c@mail.gmail.com>
In-Reply-To: <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>
References: <53529.216.241.167.212.1237911183.squirrel@webmail.pknet.net> <op.ura05ywcflcvyi@da1-desktop-x64> <17838240D9A5544AAA5FF95F8D52031605B4283F@ad-exh01.adhost.lan> <e9cb8190903260723y40f12cd9s7af35670f7285627@mail.gmail.com> <17838240D9A5544AAA5FF95F8D52031605B42A8F@ad-exh01.adhost.lan>
Hi Michael,

I was trying to simulate the conditions of the server on a test machine. I'm pretty sure now I didn't take into account all the network aspects, silly mistake :-) It's probably my routing. I will check on my routes tomorrow and get back to you. I think there is only one active interface though.

On Thu, Mar 26, 2009 at 7:33 PM, Michael K. Smith - Adhost <mksmith@adhost.com> wrote:
> Hello Eric:
>
> > Hi everyone,
>
> Can you provide a little more information about your topology? Right now,
> you only have one interface defined in your rules, but you are attempting to
> pass traffic between two subnets. That would suggest you have two
> interfaces and, if so, both need to be accounted for in your rules below.
> You'll have to have pass/block rules for both. It looks like this:
>
> 172.16.0.0/16 -> le0 <firewall> -> (some other interface) -> 10.0.0.0
>
> Could you tell me if that is correct?
>
> Thanks,
>
> Mike
>
> ----- Original Message Snipped -----
> Thanks for all your input so far. I have tried to implement all your
> suggestions but have gotten stuck. I set up a test machine in the office
> with the IP 10.0.0.110 and encountered the following problems:
>
> when I enabled antispoofing the firewall didn't work
>
> when I tried allowing the 10.0.0.0 subnet it worked OK but when I tried
> connecting from machines on the 172.16 subnet I was unable to connect.
>
> Can you please let me know what I'm doing wrong?
> ----------------------------------------
>

--
Regards,
Eric Magutu
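An added example pf.conf (not from this thread or from either poster) that applies Mike's point: each interface gets its own pass rules and antispoof covers both. It assumes le0 faces 172.16.0.0/16 as in his sketch, that the second interface is le1 on 10.0.0.0/24 (both assumed), and that SSH is the only service wanted.

```pf
# Added example, not from the thread.  Assumed names: le1 and the /24 mask.
ext_if  = "le0"          # side facing 172.16.0.0/16 (per Mike's sketch)
int_if  = "le1"          # assumed second interface, facing 10.0.0.0/24
lan_172 = "172.16.0.0/16"
lan_10  = "10.0.0.0/24"

# Keep loopback out of the filter; antispoof otherwise also matches the
# host's own addresses arriving on lo0, which breaks local services.
set skip on lo0

# Default deny on every interface.  Logging the drops to pflog0 shows
# which interface and direction a rule set is missing.
block log all

# Reject packets whose source belongs to an interface's own network but
# which arrived on a different interface.  'quick' stops evaluation so
# that no later pass rule can override the spoof check.
antispoof quick for { $ext_if $int_if }

# Forwarded traffic is filtered where it enters, so each interface needs
# its own pass rule: 172.16.x.x -> 10.0.0.110 enters on le0, the reverse
# direction enters on le1.  One interface's rule does nothing for the other.
pass in quick on $ext_if inet proto tcp from $lan_172 to $lan_10 port ssh keep state
pass in quick on $int_if inet proto tcp from $lan_10 to $lan_172 port ssh keep state

# Packets leaving on either interface were already checked on the way in
# (or originate on the firewall itself), so let them out statefully.
pass out quick on { $ext_if $int_if } keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Routing between the two subnets also needs `net.inet.ip.forwarding=1` (`gateway_enable="YES"` in rc.conf on FreeBSD), without which no rule set will pass the traffic.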